What is claimed is:

1. A method for accepting a message received from an untrusted network by a 
secure entry server in communication with a trusted network, the message 
characterized by a message protocol, the method comprising the steps of: 
receiving the message in an external partition of the server; 

verifying the message protocol; 

converting the message into an internal message, the internal message 
characterized by an internal message protocol; 

transferring the internal message to an internal partition of the server; 

verifying the protocol of the internal message; and 

accepting the message by the secure entry server. 

2. The method of claim 1 further including the step of attaching an access ticket 
to the internal message. 

3. The method of claim 2 further including after the step of attaching, the step of 
formatting the internal message according to the message protocol of the 
received message. 

4. The method of claim 1 wherein the step of verifying the message protocol 
includes the step of dropping the message if the message does not conform 
to the message protocol. 

5. The method of claim 1 wherein the step of verifying the internal message 
protocol includes the step of dropping the internal message if the internal 
message does not conform to the internal message protocol. 

6. The method of claim 2 further including the step of forwarding the accepted 
message to the trusted network based on the access ticket. 
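The following Python program is an added illustration of the method of claims 1 through 6, not code from the patent or its assignee. It assumes a minimal HTTP/1.1 subset as the message protocol, a dataclass as the internal message protocol, a host-to-ticket table, a ticket-to-resource dispatch table and an `X-Access-Ticket` header for the re-formatting step of claim 3; all of these are assumptions chosen for the demonstration. A message that fails either protocol check is dropped (claims 4 and 5) and never reaches the internal partition's ticket logic.

```python
"""Claim 1 end to end, with the access ticket of claims 2, 3 and 6 and the
drop rules of claims 4 and 5.  Added Python illustration; the HTTP subset,
the InternalMessage layout, the ticket table and the X-Access-Ticket header
name are assumptions, not the patent's own design."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample traffic from the untrusted network.
SAMPLE_REQUEST = (b"GET /reports/q1 HTTP/1.1\r\nHost: intranet.example\r\n"
                  b"User-Agent: demo\r\n\r\n")
MALFORMED_REQUEST = b"GET /reports/q1 HTTP/9.9\r\nHost intranet.example\r\n\r\n"


class Dropped(Exception):
    """A message that fails either protocol check is discarded (claims 4, 5)."""


@dataclass
class InternalMessage:
    """Internal message protocol: a fixed header of message characteristics
    plus the payload; the ticket is added by the internal partition."""
    header: dict
    data: bytes
    access_ticket: Optional[str] = None


# --- external partition: receive, verify the network protocol, convert -----
def verify_message_protocol(raw: bytes) -> Tuple[str, str, dict, bytes]:
    """Strict HTTP/1.1 request check; any deviation drops the message."""
    if not raw.isascii():
        raise Dropped("non-ASCII bytes in request head")
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise Dropped("no end of headers")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[2] != b"HTTP/1.1" or parts[0] not in (b"GET", b"POST"):
        raise Dropped("bad request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise Dropped("bad header line")
        headers[name.strip().decode("ascii").lower()] = value.strip().decode("ascii")
    if "host" not in headers:
        raise Dropped("missing Host header")
    return parts[0].decode("ascii"), parts[1].decode("ascii"), headers, body


def external_partition(raw: bytes) -> InternalMessage:
    method, target, headers, body = verify_message_protocol(raw)
    # Conversion keeps only typed characteristics; the raw bytes never cross as-is.
    return InternalMessage(
        header={"proto": "HTTP", "method": method, "target": target, "host": headers["host"]},
        data=body)


# --- internal partition: verify the internal protocol, ticket, accept ------
REQUIRED_KEYS = {"proto", "method", "target", "host"}
TICKETS = {"intranet.example": "ticket:reports"}           # assumed: host -> ticket
DISPATCH = {"ticket:reports": "http://reports.internal/"}  # assumed: ticket -> resource


def verify_internal_protocol(msg: InternalMessage) -> None:
    """Claim 1: the internal partition re-verifies the message in its own protocol."""
    if set(msg.header) != REQUIRED_KEYS or not all(isinstance(v, str) for v in msg.header.values()):
        raise Dropped("internal header malformed")
    if not msg.header["target"].startswith("/") or ".." in msg.header["target"]:
        raise Dropped("target not an origin-form path")


def internal_partition(msg: InternalMessage) -> Tuple[InternalMessage, str]:
    verify_internal_protocol(msg)
    ticket = TICKETS.get(msg.header["host"])
    if ticket is None:
        raise Dropped("no access ticket for this host")
    msg.access_ticket = ticket                  # claim 2
    return msg, DISPATCH[ticket]                # claim 6: forward based on the ticket


def format_as_http(msg: InternalMessage) -> bytes:
    """Claim 3: render the ticketed internal message back in the received protocol."""
    h = msg.header
    return (f"{h['method']} {h['target']} HTTP/1.1\r\nHost: {h['host']}\r\n"
            f"X-Access-Ticket: {msg.access_ticket}\r\n\r\n").encode("ascii") + msg.data


def accept(raw: bytes) -> Optional[Tuple[InternalMessage, str]]:
    """Whole method of claim 1; None means the message was dropped."""
    try:
        return internal_partition(external_partition(raw))
    except Dropped:
        return None


if __name__ == "__main__":
    result = accept(SAMPLE_REQUEST)
    print(result and format_as_http(result[0]).decode())
    print(accept(MALFORMED_REQUEST))
```

The point of the two separate verifications is that the internal partition never trusts the parser in the external partition: it checks the internal message against its own, much simpler, protocol before attaching a ticket, so a bug in the external parser cannot by itself produce a ticketed message.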

7. A secure entry server for accepting a message received from an untrusted 
network, the message characterized by a message protocol, the secure entry 
server in communication with a trusted network, the secure entry server 
comprising: 

(a) means for receiving the message in an external partition of the server; 

(b) means for verifying the message protocol; 

(c) means for converting the message into an internal message, the internal 
message characterized by an internal message protocol; 

(d) means for transferring the internal message to an internal partition of the 
server; 

(e) means for verifying the protocol of the internal message; and 

(f) means for accepting the message by the secure entry server. 

8. The secure entry server of claim 7 further including means for attaching an 
access ticket to the internal message. 

9. The secure entry server of claim 8 further including means for formatting the 
internal message according to the message protocol of the received 
message. 

10. The secure entry server of claim 7 further including means for dropping the 
message if the message does not conform to the message protocol. 

11. The secure entry server of claim 7 further including means for dropping the 
internal message if the internal message does not conform to the internal 
message protocol. 

12. The secure entry server of claim 8 further including means for forwarding the 
accepted message to the trusted network based on the access ticket. 

13. A computer-readable medium having computer-executable instructions for 
performing a method for accepting a message received from an untrusted 
network by a secure entry server in communication with a trusted network, 
the message characterized by a message protocol, the method comprising: 
receiving the message in an external partition of the server; 

verifying the message protocol; 
converting the message into an internal message, the internal message 
characterized by an internal message protocol; 

transferring the internal message to an internal partition of the server; 

verifying the protocol of the internal message; and 

accepting the message by the secure entry server. 

14. The computer-readable medium of claim 13 further including computer- 
executable instructions for attaching an access ticket to the internal 
message. 

15. The computer-readable medium of claim 14 further including computer- 
executable instructions for formatting the internal message according to the 
message protocol of the received message. 

16. The computer-readable medium of claim 13 further including computer- 
executable instructions for dropping the message if the message does not 
conform to the message protocol. 

17. The computer-readable medium of claim 13 further including computer- 
executable instructions for dropping the internal message if the internal 
message does not conform to the internal message protocol. 

18. The computer-readable medium of claim 14 further including computer- 
executable instructions for forwarding the accepted message to the trusted 
network based on the access ticket. 

19. A secure entry server comprising: 

an external partition in communication with an untrusted network, the 
external partition configured to convert a message from the untrusted 
network to an internal message, the message comprising a data field and 
a message header, the message header comprises at least one 
characteristic of the message; 

an internal partition in communication with a trusted network; and 
a message airlock configured to pass the internal message between the 
external partition and the internal partition. 

20. The secure entry server of claim 19 wherein the message airlock is 
configured to pass the internal message between the external partition and 
the internal partition only upon a request originating from the internal 
partition. 

21. The secure entry server of claim 19 wherein the message airlock is 
configured to pass the internal message between the external partition and 
the internal partition upon a request originating from the external partition. 

22. The secure entry server of claim 19 wherein the external partition includes 
means for verifying the message. 

23. The secure entry server of claim 19 wherein the message airlock further 
comprises: 

means for opening a logical connection between the external partition and 
the internal partition; 

means for transferring the internal message between the external partition 
and internal partition; and 

means for closing the logical connection between the external partition and 
the internal partition after the internal message is transferred between the 
external partition and the internal partition. 
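The program below is an added illustration of the message airlock of claims 19 through 23, not code from the patent. The class names, the `ExternalSide` handle and the audit log are assumptions. It models claim 20: the external partition can only deposit a converted internal message, and nothing crosses until the internal partition requests it, each request running the open, transfer and close sequence of claim 23 so that the logical connection never outlives a single transfer.

```python
"""Message airlock of claims 19 to 23.  Added Python illustration; the class
names and the audit log are assumptions.  The external partition only ever
holds an ExternalSide handle, which can deposit but cannot open the airlock
or pull anything across; every crossing is requested by the internal
partition (claim 20) and runs open / transfer / close (claim 23)."""
from collections import deque
from typing import Deque, List, Optional


class AirlockError(Exception):
    """Misuse of the airlock: transfer without an open logical connection, or nested opens."""


class MessageAirlock:
    def __init__(self) -> None:
        self._outbound: Deque[bytes] = deque()   # internal messages deposited by the external side
        self._connected = False                  # the logical connection of claim 23
        self.log: List[str] = []                 # constructed audit trail for the demo

    # -- external-facing half ---------------------------------------------
    def deposit(self, internal_message: bytes) -> None:
        """Claim 19: the converted internal message waits here; nothing is pushed inward."""
        self._outbound.append(internal_message)

    # -- internal-facing half (claim 23) ----------------------------------
    def open_connection(self) -> None:
        if self._connected:
            raise AirlockError("logical connection already open")
        self._connected = True
        self.log.append("open")

    def transfer(self) -> Optional[bytes]:
        if not self._connected:
            raise AirlockError("transfer without an open connection")
        msg = self._outbound.popleft() if self._outbound else None
        self.log.append("transfer")
        return msg

    def close_connection(self) -> None:
        self._connected = False
        self.log.append("close")

    def pull(self) -> Optional[bytes]:
        """Claim 20: one crossing, initiated only from the internal partition."""
        self.open_connection()
        try:
            return self.transfer()
        finally:
            self.close_connection()   # the connection never outlives a single transfer


class ExternalSide:
    """The handle given to the external partition: it exposes deposit and nothing else.
    (In Python this is a convention; the real boundary is the partitioning itself.)"""
    def __init__(self, airlock: MessageAirlock) -> None:
        self._deposit = airlock.deposit

    def deposit(self, internal_message: bytes) -> None:
        self._deposit(internal_message)


def drain(airlock: MessageAirlock) -> List[bytes]:
    """Internal partition loop: keep requesting until the airlock is empty."""
    received = []
    while (msg := airlock.pull()) is not None:
        received.append(msg)
    return received


if __name__ == "__main__":
    airlock = MessageAirlock()
    external = ExternalSide(airlock)
    external.deposit(b"internal-message-1")
    external.deposit(b"internal-message-2")
    print(drain(airlock), airlock.log)
```

Claim 21 (a request originating from the external partition) would be the same object with the `ExternalSide` handle additionally allowed to call `pull`; the pull-only form shown here is the stricter of the two, since the untrusted side cannot choose when the internal partition does work.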

24. The secure entry server of claim 19 wherein the internal partition includes 
means for verifying the internal message. 

25. The secure entry server of claim 19 wherein the internal partition includes 
means for attaching an access ticket to the internal message. 

26. The secure entry server of claim 19 wherein the internal partition includes a 
dispatcher for forwarding the internal message to a resource in the trusted 
network. 
27. The secure entry server of claim 26 wherein the dispatcher forwards the 
internal message based in part on an access ticket. 

28. The secure entry server of claim 19 wherein the internal message includes 
an access ticket. 

29. The secure entry server of claim 19 wherein the internal message includes 
an IMF header. 

30. The secure entry server of claim 29 wherein the IMF header includes at least 
one of the characteristic of the message in the message header. 

31. A computer-readable medium having stored thereon a data structure for a 
secure entry server comprising: 

an internal message data field containing data conforming to an internal 
message protocol, the data representing a message between an 
untrusted network and a trusted network, the message characterized by 
a network protocol different from the internal message protocol; and 

an internal message header field containing data representing the 
characterization of the message data field according to the internal 
message protocol. 

32. The computer-readable medium of claim 31 wherein the network protocol is 
selected from a group consisting of HTTP, XML, HOP, POP3, IMAP, SOAP, 
JRMP, RMI, SNMP, XNTP, Sun-RPC, SSH, TELNET, FTP, MS Exchange, 
JDBC, ODBC, SAMBA, NETBIOS and SMTP. 

33. A method for passing a message between an untrusted network and a 
resource on a trusted network, the message characterized by a network 
protocol, the method comprising the steps of: 

receiving the message from the untrusted network; 

converting the received message into an internal message, the internal 
message characterized by an internal message protocol different from 
the network protocol; 

verifying the contents of the internal message; 

converting the verified internal message to a trusted message characterized 
by a protocol supported by the resource on the trusted network; and 

forwarding the trusted message to the resource on the trusted network. 

34. The method of claim 33 wherein the message protocol is HTTP. 

35. The method of claim 33 wherein the step of converting the received message 
further includes the step of calculating a message digest based on the 
received message and attaching the calculated message digest to the 
internal message. 

36. The method of claim 33 wherein the step of converting the received message 
further includes the step of checking the received message for conformity to 
the message protocol. 

37. The method of claim 33 further including after the step of verifying, the step 
of attaching an application cookie to the verified internal message. 

38. The method of claim 33 wherein the step of converting the internal message 
further includes the step of filtering the contents of the internal message to a 
subset of the message protocol. 

39. The method of claim 38 wherein the filtering of the internal message depends 
on the network protocol of the received message. 

40. The method of claim 33 further including the step of authenticating the 
incoming message. 

41. The method of claim 40 wherein the message is authenticated based on an 
authentication module on the trusted network. 

42. The method of claim 40 wherein the message is authenticated based on an 
authentication proxy on the untrusted network. 
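The program below is an added illustration of the internal-side steps of claims 33, 35, 37, 38 and 39, not code from the patent: the digest computed over the received bytes travels with the internal message and is rechecked before anything else, the internal message is cut down to a per-protocol subset before it becomes the trusted message, and an application cookie is attached only to a message that passed verification. The allow-lists, the cookie format, the trusted-message layout and the demo key are assumptions; the parsed `fields` view is taken as input because the parsing and conformity check of claim 36 are a separate step. The outgoing counterpart (removing the cookie before a message leaves toward the untrusted network, as in claims 48 and 62) is included for symmetry.

```python
"""Claims 33, 35, 37, 38 and 39 on the internal side.  Added Python
illustration; the allow-lists, the cookie format, the trusted-message layout
and the demo key are assumptions, not the patent's own design."""
import hashlib
import hmac
from typing import Any, Dict

# Assumed per-protocol subsets; which subset applies depends on the network protocol (claim 39).
SUBSET: Dict[str, Dict[str, set]] = {
    "HTTP": {"methods": {"GET", "POST"},
             "headers": {"host", "content-type", "content-length"}},
    "SMTP": {"commands": {"HELO", "MAIL", "RCPT", "DATA", "QUIT"}},
}
COOKIE_KEY = b"constructed-demo-key"   # constructed; a deployment would use a managed secret


class Rejected(Exception):
    """Verification or filtering failure; the message goes no further."""


def to_internal(raw: bytes, proto: str, fields: Dict[str, Any]) -> Dict[str, Any]:
    """Conversion step of claim 33 plus the digest of claim 35.
    `fields` is the already-parsed view of `raw` (parsing is a separate step, not shown)."""
    return {"proto": proto, "fields": fields, "raw": raw,
            "digest": hashlib.sha256(raw).hexdigest()}


def verify_contents(msg: Dict[str, Any]) -> Dict[str, Any]:
    """Claim 33 verification: the digest must still match the carried bytes,
    and the protocol must be one the internal side knows how to filter."""
    if not hmac.compare_digest(hashlib.sha256(msg["raw"]).hexdigest(), msg["digest"]):
        raise Rejected("digest mismatch: internal message altered after conversion")
    if msg["proto"] not in SUBSET:
        raise Rejected(f"no filter policy for {msg['proto']}")
    return msg


def filter_to_subset(msg: Dict[str, Any]) -> Dict[str, Any]:
    """Claims 38/39: only the allowed subset of the network protocol survives."""
    policy, f = SUBSET[msg["proto"]], msg["fields"]
    if msg["proto"] == "HTTP":
        if f["method"] not in policy["methods"]:
            raise Rejected(f"method {f['method']} outside allowed subset")
        kept = {k: v for k, v in f["headers"].items() if k in policy["headers"]}
        return {"proto": "HTTP", "method": f["method"], "target": f["target"], "headers": kept}
    # SMTP: drop individual commands outside the subset rather than rejecting the session
    cmds = [c for c in f["commands"] if c.split(" ", 1)[0] in policy["commands"]]
    return {"proto": "SMTP", "commands": cmds}


def attach_application_cookie(trusted: Dict[str, Any], session_id: str) -> Dict[str, Any]:
    """Claim 37: a keyed MAC lets the trusted side tell its own cookies from forged ones."""
    tag = hmac.new(COOKIE_KEY, session_id.encode(), "sha256").hexdigest()
    trusted["application_cookie"] = f"{session_id}.{tag}"
    return trusted


def strip_application_cookie(outgoing: Dict[str, Any]) -> Dict[str, Any]:
    """Outgoing counterpart (claims 48, 62): the cookie never leaves toward the untrusted side."""
    return {k: v for k, v in outgoing.items() if k != "application_cookie"}


def pass_inward(raw: bytes, proto: str, fields: Dict[str, Any], session_id: str) -> Dict[str, Any]:
    """Claim 33 path from received message to trusted message; cookie attached last."""
    internal = verify_contents(to_internal(raw, proto, fields))
    return attach_application_cookie(filter_to_subset(internal), session_id)


# Constructed sample: parsed view of an HTTP request carrying a header outside the subset.
SAMPLE_RAW = b"GET /app HTTP/1.1\r\nHost: intranet.example\r\nX-Forwarded-For: 203.0.113.9\r\n\r\n"
SAMPLE_FIELDS = {"method": "GET", "target": "/app",
                 "headers": {"host": "intranet.example", "x-forwarded-for": "203.0.113.9"}}

if __name__ == "__main__":
    print(pass_inward(SAMPLE_RAW, "HTTP", SAMPLE_FIELDS, "sess-1"))
```

The order matters: the digest check runs before filtering, so a message whose carried bytes no longer match what the adapter saw is rejected before any policy is applied to it, and the cookie is only ever attached to the filtered result.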

43. A secure entry server for passing a message between an untrusted network 
and a resource on a trusted network, the message characterized by a 
network protocol, the secure entry server comprising: 
means for receiving the message from the untrusted network; 

means for converting the received message into an internal message, the 
internal message characterized by an internal message protocol different 
from the network protocol; 

means for verifying the contents of the internal message; 

means for converting the verified internal message to a trusted message 
characterized by a protocol supported by the resource on the trusted 
network; and 

means for forwarding the trusted message to the resource on the trusted 
network. 

44. The secure entry server of claim 43 wherein the network protocol is HTTP. 

45. The secure entry server of claim 43 wherein the means for converting the 
received message further includes means for calculating a message digest 
based on the received message and attaching the calculated message digest 
to the internal message. 

46. The secure entry server of claim 43 wherein the means for converting the 
received message further includes means for checking the received message 
for conformity to the network protocol. 

47. The secure entry server of claim 43 further including means for attaching an 
application cookie to the internal message. 

48. The secure entry server of claim 43 further including means for removing an 
application cookie from the internal message. 

49. The secure entry server of claim 43 further including means for encrypting an 
application cookie attached to the internal message. 

50. The secure entry server of claim 43 wherein the means for converting the 
internal message further includes means for filtering the contents of the 
internal message to a subset of the network protocol. 


51. The secure entry server of claim 50 wherein the filtering means depends on 
the network protocol of the received message. 

52. A computer-readable medium having computer-executable instructions for 
performing a method for passing a message between an untrusted network 
and a resource on a trusted network, the message characterized by a 
network protocol, the method comprising the steps of: 

receiving the message from the untrusted network; 

converting the received message into an internal message, the internal 
message characterized by an internal message protocol different from 
the network protocol; 

verifying the contents of the internal message; 

converting the verified internal message to a trusted message characterized 
by a protocol supported by the resource on a trusted network; and 

forwarding the trusted message to the resource on the trusted network. 

53. The computer-readable medium of claim 52 wherein the network protocol is 
HTTP. 

54. The computer-readable medium of claim 52 wherein the step of converting 
the received message further includes the step of calculating a message 
digest based on the received message and attaching the calculated message 
digest to the internal message. 

55. The computer-readable medium of claim 52 wherein the step of converting 
the received message further includes the step of checking the received 
message for conformity to the network protocol. 

56. The computer-readable medium of claim 52 further including after the step of 
verifying, the step of attaching an application cookie to the verified internal 
message. 

57. The computer-readable medium of claim 52 wherein the step of converting 
the internal message further includes the step of filtering the contents of the 
internal message to a subset of the network protocol. 

58. The computer-readable medium of claim 57 wherein the filtering of the 
internal message depends on the network protocol of the received message. 

59. The computer-readable medium of claim 52 further including the step of 
authenticating the incoming message. 

60. The computer-readable medium of claim 59 wherein the message is 
authenticated based on an authentication module on the trusted network. 

61. The computer-readable medium of claim 59 wherein the message is 
authenticated based on an authentication proxy on the untrusted network. 

62. The computer-readable medium of claim 52 further including the step of 
removing an application cookie from an outgoing message before the 
outgoing message is sent to the untrusted network. 

63. The computer-readable medium of claim 52 further including the step of 
encrypting an application cookie attached to an outgoing message before the 
outgoing message is sent to the untrusted network. 

64. A secure entry server for restricted access to a resource on a trusted network 
from an untrusted network, the server comprising: 

an adapter for converting a message having a network protocol to and from 
an internal message having an internal message protocol different from 
the network protocol; 

a filter for verifying the contents of the internal message; 

a message airlock for transferring the internal message between the adapter 
and the filter; 

a session table configured to hold at least one characteristic of the internal 
message; 

a manager configured to maintain the session table based on a user 
authorization and the message; 

a converter for converting the internal message to and from a trusted 
message; and 
a dispatcher for receiving and forwarding the trusted message to the 
resource on the trusted network. 